used for on-demand playback, to pseudo-live
streams that have TiVo-like digital video recording (DVR) functionality, there’s a need for
Many countries, especially in Europe, require
personal data to be stored in a secure fashion.
Videos can be designated as personal data,
which means that an EVP solution should at
least offer the option. Most of the time, though,
multinational corporations have business-related requirements that specific data should
be stored in specific countries, for both compliance and governance reasons.
As such, a secure EVP must cater to these
business needs by providing use-case-compliant
storage options. As part of the audit process,
there will also be a high likelihood that the EVP
will be required to present its clients with legal
documentation regarding how data processing is
done and where a sample subset of files is stored.
Companies that focus on storage as their
primary service, such as Box and DropBox,
offer cloud-based storage solutions with vary-
ing degrees of security. Box, for instance, of-
fers in-country storage as well as an alphabet
soup of best practices compliance: ISO 27001,
ISO 27018, SOC 1 (SSAE 16), PCI DSS, and Fed-
RAMP, to name just a few.
Since videos can be easily posted and shared
from a cloud storage account, it is the responsibility of the corporate IT group to verify that a
cloud-based storage solution can curtail video
content access in a way that it should only be
available to a limited circle of employees—in
other words, tight granular access control per
user, per video.
While the big push for cloud-based storage
is preventing data loss, the need for securing
content—and extending security controls into
the cloud for authentication, identity, and network—continues to advance. One area where
security is becoming more prevalent is controls for security information and event management (SIEM).
The SIEM approach is a holistic approach,
combining information management (IM) with